In some situations, the costs to access digital content on mobile communication devices via a wireless data network, particularly the charges for using the wireless data network, may be subsidized by a content provider. However, to ensure a content provider's business model is protected in such situations, content providers need to ensure that such access to content is limited to the content sites that are approved by the content provider. For example, a school district may provide free Wi-Fi or subsidize cellular telephone network charges so that students may access school materials or research class-related topics via the Internet using their mobile devices when the students are using their mobile devices for schoolwork associated with school district approved content sites. However, the school district may want to protect against the students using subsidize delivery methods to download content from unapproved content sites in order to keep the cost associated with subsidized content delivery methods under control.
Current systems for controlling access to content are based on controls running on the application processor(s) of a mobile device, such as mobile device management (“MDM”) applications, application reference to Internet Protocol (“IP”) tables, etc. However, current systems fail to protect against the content controls running on the application processor being compromised on a “rooted” device. A “rooted” device is a mobile device on which a user, whether properly or improperly, is granted root level access on the application processor(s) of the mobile device (e.g., as super user, administrator, supervisor, etc.), thereby giving the user access to the application processor(s) sufficient to overcome content controls running on the application processor(s). By rooting a mobile device, the user can overcome content controls running on the application processor(s) to use a subsidized delivery method to access content that is not approved by the content provider. For example, a student with a “rooted” device may manipulate an IP routing table and/or disable a MDM application running on the application processor of her mobile device to allow her to use the school district subsidized delivery method (e.g., an LTE channel) to download content from unapproved content sites. The student's unauthorized use of the subsidized delivery method can result in an unwanted charge to the school district.